Google indicated that it continues to see no shortage of bad apps, as it recently reported knocking some 1.43 million off the Google Play Store in the past year (along with about 173,000 developers that violated the rules of the road).
Google has also implemented measures to more proactively prompt app developers to address security issues, and these collective actions reportedly put a stop to some $2 billion in attempted fraudulent transactions on the platform. Though Android takes some security flak for allowing users to install apps outside of the official Google Play Store framework, some recent research has found that a definite majority of bad apps actually manage to get listed in the official store for at least some amount of time.
Google continues to play “whack-a-mole” with bad apps
Google continues to struggle to battle a perception that its mobile OS is less secure than what chief competitor Apple offers, and the state of the Google Play Store is no small part of that. Malware appears frequently, managing to slip through Google’s automated scans, and bad apps sometimes stick around long enough to rack up millions of downloads.
The company is attacking this problem on multiple fronts: offering its more secure Pixel device line (which maintains OS and security updates for much longer than most third-party phones), rolling out its Privacy Sandbox initiative to replace tracking cookies with a more private targeted advertising scheme, and adding security features to the Google Play Store. There has been more of a focus on the app store as of late, as the standard Google Play Protect feature has taken a good deal of criticism for its lapses.
Of course, the difficulty is that roughly a million new apps are added to the store each year, and collectively there are billions of updates of existing apps. Bad apps sometimes sneak through the initial security screening by adding attack elements after they have been listed. New updates to the process for 2022 included new listing requirements, a more rigorous identity verification process and expanded use of machine learning techniques to track uploads that potentially “go rogue” by pulling malware from remote servers after being approved.
Terms for Google Play Store developers tightened in 2022
Google Play Store developers in certain regions are also facing added restrictions on finance apps. And all developers are subject to a security scan applied to new uploads and existing app updates, which flags potential issues and may force serious problems to be addressed before the app can be made publicly available. In some cases, removals are due to failure to address a serious but unintentional vulnerability rather than an attempt to knowingly pass a bad app.
Android developers can help to assure customers that they are offering a secure product by taking the optional Mobile App Security Assessment (MASA), which provides a badge that is displayed in the store’s app listing.